[squid-users] All Pease Read - [Was Re: SquidGuard with Squid (was Re: syntax error in logfile)]
Hello All, Francesco Ranieri wrote: Do you know selinux ? I read that context=system_u:system_r:initrc_t and i suppose it belongs to selinux, if you know what selinux is you can try to disable it and see if on reboot the original squid script works. If you don't know selinux, i suppose you can disable it changing the file /etc/sysconfig/selinux or /etc/selinux/config. If you don't find these files try an updatedb locate selinux. If those files exist change the SELINUX=enforcing variable setting and reboot. To check if selinux is enabled you can try also with selinuxenabled;echo $? if it returns 0 it's enabled. If you want to use selinux i suppose you'll have to modify the policies. Best Regards Francesco Ranieri I think I have finally made a breakthrough thanks to Francesco. Changing SELINUX=enforcing to SELINUX=permissive (displays warnings instead of blocking) now allows squid to launch squidGuard at boot! I haven't yet tested it fully but it does at least start the processes. (I now have to go back and undo all the things I did when testing it and try it from a standard set-up - groan). Does anyone here know SELinux? I would like - eventually - to be able to have it running with SELinux enabled. If someone could help me with this (or point me to someone who can) then I will volunteer to write a How-To for other users of squidGuard with Fedora Core 4+ (where SELinux is enabled by default). I still have much testing and set-up to do - so I am not finished yet - but I would like to take this opportunity to thank everyone on these two lists for all their help. Even after a couple of years of using Linux I am still impressed by the unstinting devotion of the community, and its members' willingness to give of their time and knowledge so freely to help others. Thank You. Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: - Try the online test again : root # /usr/sbin/squid OK ? M. Yeah That still works fine. Mark signature.asc Description: OpenPGP digital signature
Re: AW: [squid-users] Squid with SquidGuard
[EMAIL PROTECTED] wrote: Suqid and squidguard work fine for me. There are 2 scripts: /sbin/init.d/squid (yep, OS is Tru64): case $1 in 'start') echo Starting SQUID ... nohup /sbin/init.d/squid_start ;; snip and /sbin/init.d/squid_start: #!/bin/sh su - squid -c '/usr/local/squid/sbin/squid -D' and an entry in /sbin/rc3.d: lrwxrwxrwx 1 root bin 15 Aug 20 2002 S99squid - ../init.d/squid Voila, this works. After a reboot squid and squidguard are running. Hope this helps a little bit. Werner Rost GMT-FIR - Netzwerk Well I had high hopes for this. I worked through it step-by-step changing the relevant file locations to match my system - even putting in some echo comments to trace where I was and, Hey Presto! It worked from the command line... Note: I had to change the /etc/rc.d/init.d/squid_start script to read su - squid --command=`/usr/sbin/squid -D` (with backticks) for it to work (Although I think the -D switch is unnecessary because, if I read my init.d/squid script correctly, it calls /etc/sysconfig/squid which sets it as default). So. Now I can run /sbin/service squid start and squid will start together with squidGuard. Full of hope, I rebooted (having first removed the entry from /etc/rc.d/rc.local). No joy... still the same error. To use the vernacular - This is doing my head in! Thanks and best regards Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: So , are you really sure, that the one user who is defined as : cache_effective_user in squid.conf, can execute : /usr/local/squidguard/bin/squidGuard -- Double verify and again, if needed. M. Hmmm. Well I *thought* I could. But see below: [EMAIL PROTECTED] ~]$ su Password: [EMAIL PROTECTED] mark]# cat /etc/squid/squid.conf | grep cache_effective # TAG: cache_effective_user # to UID to squid. If you define cache_effective_user, but not # cache_effective_group, Squid sets the GID to the effective # cache_effective_user. #cache_effective_user squid cache_effective_user squid # TAG: cache_effective_group #cache_effective_group squid cache_effective_group squid Then: [EMAIL PROTECTED] mark]# sudo -u squid /usr/sbin/squid -NCd 1 2006/01/26 18:47:49| strtokFile: /usr/share/squid/ads not found 2006/01/26 18:47:49| aclParseAclLine: WARNING: empty ACL: acl ad_sites dstdomain /usr/share/squid/ads 2006/01/26 18:47:49| Starting Squid Cache version 2.5.STABLE11 for i386-redhat-linux-gnu... 2006/01/26 18:47:49| Process ID 5028 2006/01/26 18:47:49| With 1024 file descriptors available 2006/01/26 18:47:49| Performing DNS Tests... 2006/01/26 18:47:49| Successful DNS name lookup tests... 2006/01/26 18:47:49| DNS Socket created at 0.0.0.0, port 32789, FD 4 2006/01/26 18:47:49| Adding nameserver 192.168.123.254 from /etc/resolv.conf 2006/01/26 18:47:49| helperOpenServers: Starting 5 'squidGuard' processes 2006/01/26 18:47:50| User-Agent logging is disabled. 2006/01/26 18:47:50| Referer logging is disabled. 2006/01/26 18:47:50| Unlinkd pipe opened on FD 14 2006/01/26 18:47:50| Swap maxSize 102400 KB, estimated 7876 objects 2006/01/26 18:47:50| Target number of buckets: 393 2006/01/26 18:47:50| Using 8192 Store buckets 2006/01/26 18:47:50| Max Mem size: 8192 KB 2006/01/26 18:47:50| Max Swap size: 102400 KB 2006/01/26 18:47:50| Rebuilding storage in /var/spool/squid (CLEAN) 2006/01/26 18:47:50| Using Least Load store dir selection 2006/01/26 18:47:50| Set Current Directory to /var/spool/squid 2006/01/26 18:47:50| Loaded Icons. 2006/01/26 18:47:50| Accepting HTTP connections at 0.0.0.0, port 8080, FD 16. 2006/01/26 18:47:50| Accepting ICP messages at 0.0.0.0, port 3130, FD 17. 2006/01/26 18:47:50| WCCP Disabled. 2006/01/26 18:47:50| /var/run/squid.pid: (1) Operation not permitted FATAL: Could not write pid file Wooahhh??? So: [EMAIL PROTECTED] mark]# ls -la /var/run/squi* ls: /var/run/squi*: No such file or directory Hmmm - Strange? [EMAIL PROTECTED] mark]# locate squid.pid /var/run/squid.pid So whatever squid.pid is or does it was there the last time updatedb was run but it's not there now. However, Squid did get past the point at which it launched squidGuard (which seemed OK) before gracefully closing it. See squidGuard.log (+note times): 2006-01-26 18:47:50 [5031] squidGuard 1.2.0 started (1138301270.257) 2006-01-26 18:47:50 [5031] squidGuard ready for requests (1138301270.310) 2006-01-26 18:47:50 [5033] squidGuard 1.2.0 started (1138301270.275) 2006-01-26 18:47:50 [5033] squidGuard ready for requests (1138301270.311) 2006-01-26 18:47:50 [5029] squidGuard 1.2.0 started (1138301270.246) 2006-01-26 18:47:50 [5029] squidGuard ready for requests (1138301270.312) 2006-01-26 18:47:50 [5032] squidGuard 1.2.0 started (1138301270.290) 2006-01-26 18:47:50 [5032] squidGuard ready for requests (1138301270.313) 2006-01-26 18:47:50 [5030] squidGuard 1.2.0 started (1138301270.285) 2006-01-26 18:47:50 [5030] squidGuard ready for requests (1138301270.314) 2006-01-26 18:47:51 [5029] squidGuard stopped (1138301271.198) 2006-01-26 18:47:51 [5030] squidGuard stopped (1138301271.200) 2006-01-26 18:47:51 [5031] squidGuard stopped (1138301271.201) 2006-01-26 18:47:51 [5032] squidGuard stopped (1138301271.203) 2006-01-26 18:47:51 [5033] squidGuard stopped (1138301271.204) Now running /usr/sbin/squid -NCd 1 as root (*NOT* sudo -u squid) works just fine (I am not posting the output, but I ran it at 19:07) and guess what?: [EMAIL PROTECTED] mark]# ls -la /var/run/squid.pid -rw-r--r-- 1 root squid 5 Jan 26 19:07 /var/run/squid.pid [EMAIL PROTECTED] mark]# I'm *sure* this worked before however but (shrug) nevertheless - what does it tell us? Thanks again for all your help Best regards Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote:
[EMAIL PROTECTED] mark]# sudo -u squid /usr/sbin/squid -NCd 1
...
That's not the way to go, and not what I asked.
You need to make sure that the one who is defined
as
cache_effective_user
can execute /squidGuard.
Since the user is apparently called 'squid' you need to,
Either fully login as squid'' and test this, I advise to test it
that way *really*.
If you want to test it from root-originating-shells then,
1) # su - squid
2) squid % _path_to_squidguard/squidGuard
the latter should not give a permission error.
squid.pid contains the process id of the squid process.
Starting as 'squid' using the sudo stuff is bogus, because, indeed,
then you run into other problems such as the pid file which can not be written,
e.g. because this file is owned by root.
M.
Sorry, My mistake - again.
[EMAIL PROTECTED] mark]# su - squid
This account is currently not available.
hmmm..
[EMAIL PROTECTED] mark]# vim /etc/passwd
{change squid:x:23:23::/var/spool/squid:/sbin/nologin to
squid:x:23:23::/var/spool/squid:/bin/bash}
[EMAIL PROTECTED] mark]# su - squid
-bash-3.00$ /usr/local/squidguard/bin/squidGuard -d
2006-01-26 20:47:29 [6046] squidGuard 1.2.0 started (1138308449.370)
2006-01-26 20:47:29 [6046] squidGuard ready for requests (1138308449.372)
OK?
Thanks (yet) again...
Mark
signature.asc
Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote:
Sorry, My mistake - again.
[EMAIL PROTECTED] mark]# su - squid
This account is currently not available.
hmmm..
[EMAIL PROTECTED] mark]# vim /etc/passwd
{change squid:x:23:23::/var/spool/squid:/sbin/nologin to
squid:x:23:23::/var/spool/squid:/bin/bash}
[EMAIL PROTECTED] mark]# su - squid
-bash-3.00$ /usr/local/squidguard/bin/squidGuard -d
2006-01-26 20:47:29 [6046] squidGuard 1.2.0 started (1138308449.370)
2006-01-26 20:47:29 [6046] squidGuard ready for requests (1138308449.372)
OK?
Thanks (yet) again...
Ok, and now, since the status of the squid account in the pw file
was changed you should, simply (only) ,try :
root # _path_to_squid/squid
Check whether this works.
M.
[EMAIL PROTECTED] mark]# whereis squid
squid: /usr/sbin/squid /etc/squid /usr/lib/squid /usr/share/squid
/usr/share/man /man8/squid.8.gz
[EMAIL PROTECTED] mark]# /usr/sbin/squid
[EMAIL PROTECTED] mark]# ps -ef | grep squid
[EMAIL PROTECTED] mark]# ps -ef | grep squid
root 6017 5105 0 20:46 pts/300:00:00 su - squid
squid 6018 6017 0 20:46 pts/300:00:00 -bash
root 6195 1 0 21:11 ?00:00:00 /usr/sbin/squid
squid 6197 6195 0 21:11 ?00:00:00 (squid)
squid 6198 6197 0 21:11 ?00:00:00 (squidGuard) -c
/etc/squidguard.conf
squid 6199 6197 0 21:11 ?00:00:00 (squidGuard) -c
/etc/squidguard.conf
squid 6200 6197 0 21:11 ?00:00:00 (squidGuard) -c
/etc/squidguard.conf
squid 6201 6197 0 21:11 ?00:00:00 (squidGuard) -c
/etc/squidguard.conf
squid 6202 6197 0 21:11 ?00:00:00 (squidGuard) -c
/etc/squidguard.conf
squid 6203 6197 0 21:11 ?00:00:00 (unlinkd)
root 6209 5055 0 21:12 pts/200:00:00 grep squid
[EMAIL PROTECTED] mark]#
Looking good...
Logs (both /var/log/squid/cache.log
/var/log/squidguard/squidGuard.log) also show squid + squidGuard started OK
What now?
Mark
signature.asc
Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: What now? Same test , but now, from /etc/rc.d/rc.local. (involves system restart) Should work too now. Actually No. (groan...) 2006/01/26 22:00:56| helperOpenServers: Starting 5 'squidGuard' processes 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. 2006/01/26 22:00:56| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. (From cache.log after reboot with /usr/sbin/squid in rc.local) Sigh... Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: If I put the command /usr/sbin/squid -NC in my /etc/rc.d/rc.local file it hangs the system on reboot! You can not use it like that in rc.local, that way of SQUID starting is ment to be used from the command line, and intended for problem solving tasks. Use squid -h to understand the meaning of these flags For rc.local just use : _path_to_squid/squid afterwards, check cache.log , watchout for FATAL errors, if I think it's something to do with the cache (/var/spool/squid). Whatever caused it, the only remedy was to power off and reboot with a rescue disk comment out the line in /etc/rc.d/rc.local. Interestingly, if I try the command /usr/sbin/squid on its own with no switches, the system starts OK but I get the same old error (WARNING: Cannot run '/usr/bin/squidGuard' process.) and squidGuard is not running. So what on earth is going on? We need to re-iterate ; On the command line : # squid -NCd 1 check whether this works, again. Then just put startup command in rc.local the way I explained. Check cache.log M. Hi Mark, Hi List, Sorry, I explained myself badly. I did put /usr/sbin/squid -NC in rc.local at first which caused the crash. The next thing I did (after restoring the system) was to read the -h comments (slap myself) and put just the command /usr/sbin/squid in rc.local. As I point out above (badly worded): Interestingly, if I try the command /usr/sbin/squid on its own with no switches, the system starts OK but I get the same old error (WARNING: Cannot run '/usr/bin/squidGuard' process.) and squidGuard is not running. without the -NC switches the command /usr/sbin/squid in rc.local starts OK but does not start squidGuard - and gives exactly the same errors in cache.log as I've been getting all along when starting squid with /sbin/service squid start. The only thing that gives me hope is the fact that /usr/sbin/squid -NCd 1 from the command line does in fact work (and I've just tried it again to be sure!). So. To be clear: /usr/sbin/squid -NCd 1 from the command line works just fine; /usr/sbin/squid in /etc/rc.d/rc.local does not; and produces the same error as /sbin/service squid start from the command line. Apologies for the confusion. What next? Thanks again (I *really* appreciate your help) Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: So. To be clear: /usr/sbin/squid -NCd 1 from the command line works just fine; /usr/sbin/squid in /etc/rc.d/rc.local does not; and produces the same error as /sbin/service squid start from the command line. Apologies for the confusion. What next? In both cases, the working and the not working case, can you check : squidGuard.log anything weird in there ? M. Nope. In the working case everything seems just fine: 2006-01-24 21:32:37 [11225] squidGuard 1.2.0 started (1138138357.409) 2006-01-24 21:32:37 [11225] squidGuard ready for requests (1138138357.481) 2006-01-24 21:32:37 [11223] squidGuard 1.2.0 started (1138138357.433) 2006-01-24 21:32:37 [11223] squidGuard ready for requests (1138138357.482) 2006-01-24 21:32:37 [11224] squidGuard 1.2.0 started (1138138357.435) 2006-01-24 21:32:37 [11224] squidGuard ready for requests (1138138357.483) 2006-01-24 21:32:37 [11221] squidGuard 1.2.0 started (1138138357.506) 2006-01-24 21:32:37 [11221] squidGuard ready for requests (1138138357.508) 2006-01-24 21:32:37 [11222] squidGuard 1.2.0 started (1138138357.519) 2006-01-24 21:32:37 [11222] squidGuard ready for requests (1138138357.521) 2006-01-24 22:11:05 [11221] squidGuard stopped (1138140665.526) 2006-01-24 22:11:05 [11222] squidGuard stopped (1138140665.528) 2006-01-24 22:11:05 [11223] squidGuard stopped (1138140665.530) 2006-01-24 22:11:05 [11224] squidGuard stopped (1138140665.531) 2006-01-24 22:11:05 [11225] squidGuard stopped (1138140665.533) (I started with /usr/sbin/squid -NCd 1 did some tests and closed with CTRL-C) In the non-working case - cold boot with /usr/sbin/squid in rc.local - you can see the results too (i.e. *nothing at all* written to squidGuard.log). Hurumph... Thanks again Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Hello Chaps, I'm still struggling (and still failing) to to squidGuard to work with squid. For those of you who have not been following each gripping instalment of this thread here is a quick recap... I can run squid very happily on my FC4 machine. I have tried installing squidGuard by RPM, by Yum and finally from source. I have (I think) changed all the file ownerships and permissions that I should have done and yet I have always got (and still get) the same error when I include squidGuard as a redirector in squid: 2006/01/14 21:36:07| helperOpenServers: Starting 5 'squidGuard' processes 2006/01/14 21:36:07| comm_open: FD 6 is a new socket 2006/01/14 21:36:07| fd_open FD 6 squidGuard 2006/01/14 21:36:07| comm_open: FD 7 is a new socket 2006/01/14 21:36:07| fd_open FD 7 squidGuard 2006/01/14 21:36:07| ipcCreate: prfd FD 7 2006/01/14 21:36:07| ipcCreate: pwfd FD 7 2006/01/14 21:36:07| ipcCreate: crfd FD 6 2006/01/14 21:36:07| ipcCreate: cwfd FD 6 2006/01/14 21:36:07| ipcCreate: FD 7 sockaddr 127.0.0.1:32990 2006/01/14 21:36:07| ipcCreate: FD 6 sockaddr 127.0.0.1:32989 2006/01/14 21:36:07| ipcCreate: FD 6 listening... 2006/01/14 21:36:07| leave_suid: PID 12881 called 2006/01/14 21:36:07| leave_suid: PID 12881 giving up root priveleges forever 2006/01/14 21:36:07| ipcCreate: calling accept on FD 6 2006/01/14 21:36:07| comm_close: FD 6 2006/01/14 21:36:07| commCallCloseHandlers: FD 6 2006/01/14 21:36:07| fd_close FD 6 squidGuard 2006/01/14 21:36:07| connect FD 7: (13) Permission denied 2006/01/14 21:36:07| comm_close: FD 7 2006/01/14 21:36:07| commCallCloseHandlers: FD 7 2006/01/14 21:36:07| fd_close FD 7 squidGuard 2006/01/14 21:36:07| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. The Permission denied message has led me down the file ownership / permissions route; but I am able to run squidGuard from the command line with the sudo command: [EMAIL PROTECTED] bin]# sudo -u squid /usr/local/squidguard/bin/squidGuard -d 2006-01-22 18:30:36 [14702] squidGuard 1.2.0 started (1137954636.066) 2006-01-22 18:30:36 [14702] squidGuard ready for requests (1137954636.096) Now, after some Googling, I see that this problem (or at least similar problems) can be caused by a firewall on the loopback interface. Do you think this is the cause of my problem? (I posted my Iptables output in an earlier post). However, as a test, I temporarily disabled the firewall and unfortunately still got the same problem. That is the firewall on this FC4 machine... I am connected to the Internet via a wireless connection which has its own firewall - but surely that should not affect this (or should it?) What should my next step be? Dying of frustration here. Many thanks for your patience... Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: That may not be enough in a context where the Firewalling software was started and then stopped. Residual rules and or states may still affect the loopback interface. Can you, for instance, 'ping localhost' with success ? Yup... Even with the firewall up and running: [EMAIL PROTECTED] bin]# ping localhost PING localhost.localdomain (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=0 ttl=64 time=0.339 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.260 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.260 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64 time=0.261 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=4 ttl=64 time=0.251 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=5 ttl=64 time=0.260 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=6 ttl=64 time=0.252 ms --- localhost.localdomain ping statistics --- 7 packets transmitted, 7 received, 0% packet loss, time 6008ms rtt min/avg/max/mdev = 0.251/0.269/0.339/0.028 ms, pipe 2 Set the firewalling functions off , wherever this needs to be done, and *restart* the system. Check whether you can ping the localhost (itself). I haven't tried restarting yet - but given that ping localhost works with the firewall(s) in place do you still think that this is my problem? I still think that the Permission denied message is caused by file ownership problems - but where? Thanks Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: I haven't tried restarting yet - but given that ping localhost works with the firewall(s) in place do you still think that this is my problem? It could still be, so the restarting with all Firewalling off should still be tried. Well I've just tried it with Iptables/Firestarter turned off + cold restart - and still the same thing. I can't work out what to do with my wireless router firewall (to be honest firewalls are a bit of a black art as far as I am concerned) but all references to LAN are 192.168.123.xxx as far as I can see. I still think that the Permission denied message is caused by file ownership problems - but where? There shouldn't be if SquidGuard runs under the same user as squid (defined in squid.conf). Btw, do you start SQUID as root ? Even if no privileged port is used for http-receiving, I would still start as root. I am not sure whether this inter process communication , which goes via the loopback interface , may need root privilege to create the socket. I am not sure about that. M. Both cache_effective_user and cache_effective_group in squid.conf are set to squid. Every file I can think of that is even remotely connected with squidGuard is set to chown squid.squid. Squid is started automatically in runlevel 5. If I start it myself I use the command: /sbin/service squid start (or stop, or restart) as root. Any ideas? signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Mark Elsen wrote: ... Squid is started automatically in runlevel 5. If I start it myself I use the command: /sbin/service squid start (or stop, or restart) as root. Try to start it more natively, what does : root # path_to_squid/squid -NCd 1 gives ? Well Now! - *That's Interesting!* It Works! [EMAIL PROTECTED] mark]# /sbin/service squid stop Stopping squid: . [ OK ] [EMAIL PROTECTED] mark]# /usr/sbin/squid -NCd 1 2006/01/22 23:18:30| Starting Squid Cache version 2.5.STABLE11 for i386-redhat-linux-gnu... 2006/01/22 23:18:30| Process ID 3644 2006/01/22 23:18:30| With 1024 file descriptors available 2006/01/22 23:18:30| Performing DNS Tests... 2006/01/22 23:18:30| Successful DNS name lookup tests... 2006/01/22 23:18:30| DNS Socket created at 0.0.0.0, port 32772, FD 4 2006/01/22 23:18:30| Adding nameserver 192.168.123.254 from /etc/resolv.conf 2006/01/22 23:18:30| helperOpenServers: Starting 5 'squidGuard' processes ...etc So what exactly does that tell us? How can I get it so that it works when started automatically? (You are lucky , the snooker is on a break :-) M. Sorry to take a while to get back to you - I was watching Foyle's War :-) Thanks so much! Now I think I'm making progress... Thanks again Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Quoting from my own message... Mark Sansome wrote: 2006/01/14 21:36:07| comm_open: FD 7 is a new socket 2006/01/14 21:36:07| fd_open FD 7 squidGuard 2006/01/14 21:36:07| ipcCreate: prfd FD 7 2006/01/14 21:36:07| ipcCreate: pwfd FD 7 2006/01/14 21:36:07| ipcCreate: crfd FD 6 2006/01/14 21:36:07| ipcCreate: cwfd FD 6 2006/01/14 21:36:07| ipcCreate: FD 7 sockaddr 127.0.0.1:32990 2006/01/14 21:36:07| ipcCreate: FD 6 sockaddr 127.0.0.1:32989 2006/01/14 21:36:07| ipcCreate: FD 6 listening... 2006/01/14 21:36:07| leave_suid: PID 12881 called 2006/01/14 21:36:07| leave_suid: PID 12881 giving up root priveleges forever 2006/01/14 21:36:07| ipcCreate: calling accept on FD 6 2006/01/14 21:36:07| comm_close: FD 6 2006/01/14 21:36:07| commCallCloseHandlers: FD 6 2006/01/14 21:36:07| fd_close FD 6 squidGuard 2006/01/14 21:36:07| connect FD 7: (13) Permission denied 2006/01/14 21:36:07| comm_close: FD 7 2006/01/14 21:36:07| commCallCloseHandlers: FD 7 2006/01/14 21:36:07| fd_close FD 7 squidGuard 2006/01/14 21:36:07| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process. I guess the important line here is connect FD 7: (13) Permission denied My question is how do I find out *exactly* what is being denied? I have followed every guide I can find, read every HowTo, scanned every FAQ and followed all the instructions on file ownership and permissions. Almost everything to do with squidGuard has file ownerships of squid.squid and still I get this error If I run squidGuard on its own as root it seems to work. Is there any way I can try to run it as user squid from the command line to see if I get any more information? Trying su squid obviously didn't work (but I had to try it anyway). Is there anything else I can try? Hoping you can help Thanks Mark signature.asc Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Brian Phillips wrote: 'su - squid' It COMPLETELY sets you as the squid user. Are you starting squid as root? Or are you using the init scripts? Or are you just running it on the command line as squid/proxy? If I try as a non-privileged user: [EMAIL PROTECTED] ~]$ su - squid Password: su: incorrect password (Don't know what the squid password is - should I? Can I find out?) If I try as root: [EMAIL PROTECTED] mark]# su - squid /usr/local/squidguard/bin/squidGuard -c /etc/squidguard.conf This account is currently not available. [EMAIL PROTECTED] mark]# [EMAIL PROTECTED] mark]# su - squid This account is currently not available. [EMAIL PROTECTED] mark]# Hmmm... *Should* that work? I start squid either by rebooting or with the command /sbin/service squid restart [or start or stop] (as root). Whichever way, it will start quite happily but will still list the same error in cache.log and the proxy will not work. Taking the redirect_program /usr/local/squidguard/bin/squidGuard -c /etc/squidguard.conf line out of squid.conf and restarting will allow squid to work properly. I can start squidGuard from the command line (as root) with the command: [EMAIL PROTECTED] mark]# /usr/local/squidguard/bin/squidGuard -d which gives the response: 2006-01-16 21:31:01 [16626] squidGuard 1.2.0 started (1137447061.766) 2006-01-16 21:31:01 [16626] squidGuard ready for requests (1137447061.806) (although I have to CTRL-c to get back to the command line - is that normal?) So - if my reasoning is correct, I can start squidGuard as root, but when squid tries to launch it, it fails because it does not have the right permissions somewhere or other. As you can see above I don't seem to be able to pretend to be squid myself so that I can start it from the command line and see what information I get... Any ideas? Thanks again Mark signature.asc Description: OpenPGP digital signature
[squid-users] Squid with SquidGuard
Hello chaps,
I know that this is a Squid mailing list and not the SquidGuard list - by I
have exhausted the help of the good folks on the SquidGuard list...
I actually have Squid up and running and am very happy with it :)
however, I *do* want to use squidGuard with it too.
Squid runs on a FC4 machine dealing with the proxy requests of my small home
network.
I have tried installing squidGuard from RPM, Yum, and by installing from
source. All fail to work with squid.
I have tried squidGuard with the simplest of SquidGuard.conf files :
logdir /var/log/squidguard
acl {
default {
pass all
}
}
and the command:
# /usr/bin/squidGuard -d
2006-01-07 23:54:38 [28284] squidGuard 1.2.0 started (1136678078.397)
2006-01-07 23:54:38 [28284] squidGuard ready for requests (1136678078.400)
seems to show that squidGuard is happy...
However, as soon as I put the line:
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
into squid.conf everything goes wrong.
In /var/log/squid/cache.log I find the following:
2006/01/07 23:51:03| helperOpenServers: Starting 5 'squidGuard' processes
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run '/usr/bin/squidGuard' process.
No matter what I do I cannot seem to get SquidGuard to start from within
Squid.
What am I doing wrong?
Can I get any more detailed output as to *exactly* why Squid can't run
squidGuard?
Any ideas?
Thanks in advance
Mark
signature.asc
Description: OpenPGP digital signature
Re: [squid-users] Squid with SquidGuard
Brian E. Conklin wrote:
-Original Message-
From: Mark Sansome [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 12, 2006 2:21 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid with SquidGuard
Hello chaps,
I know that this is a Squid mailing list and not the
SquidGuard list - by I have exhausted the help of the good
folks on the SquidGuard list...
I actually have Squid up and running and am very happy with it :)
however, I *do* want to use squidGuard with it too.
Squid runs on a FC4 machine dealing with the proxy requests
of my small home network.
I have tried installing squidGuard from RPM, Yum, and by
installing from source. All fail to work with squid.
I have tried squidGuard with the simplest of SquidGuard.conf files :
logdir /var/log/squidguard
acl {
default {
pass all
}
}
and the command:
# /usr/bin/squidGuard -d
2006-01-07 23:54:38 [28284] squidGuard 1.2.0 started (1136678078.397)
2006-01-07 23:54:38 [28284] squidGuard ready for requests
(1136678078.400)
seems to show that squidGuard is happy...
However, as soon as I put the line:
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
into squid.conf everything goes wrong.
In /var/log/squid/cache.log I find the following:
2006/01/07 23:51:03| helperOpenServers: Starting 5
'squidGuard' processes
2006/01/07 23:51:03| WARNING: Cannot run
'/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run
'/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run
'/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run
'/usr/bin/squidGuard' process.
2006/01/07 23:51:03| WARNING: Cannot run
'/usr/bin/squidGuard' process.
No matter what I do I cannot seem to get SquidGuard to start
from within
Squid.
What am I doing wrong?
Can I get any more detailed output as to *exactly* why Squid
can't run squidGuard?
Any ideas?
I found much more help (including a better howto and trouble shooting
section) at http://www.maynidea.com/squidguard/
Brian E. Conklin, MCP+I, MCSE
Director of Information Services
voice: 360-427-3423
fax: 360-427-9599
Thanks in advance
Mark
=
Brian C.
Thanks Brian,
That was one of the many resources I used. I too found it useful and
when I tried installing from source (last resort) I followed his
step-by-step guide *exactly* - Still didn't work...
Brian P.
Thanks Brian,
Brian Phillips wrote:
Do:
# ls -l /usr/bin/squidGuard
And tell us what the permissions are (paste em here.)
Since I wrote my message (it's an edited form of the one I sent to the
squidGuard mailing list) I have uninstalled that (RPM) version of
squidGuard and installed from source. The current version is therefore
in /usr/local/squidguard/bin/
It gives me:
[EMAIL PROTECTED] mark]# ls -la /usr/local/squidguard/bin/squidGuard
-rwxr-xr-x 1 squid squid 731596 Jan 11 14:18
/usr/local/squidguard/bin/squidGuard
I have tried changing ownerships and permissions of every file I can
think of and followed every guide I can find...
Any help gratefully received...
Thanks again.
Mark
signature.asc
Description: OpenPGP digital signature
